5 Mistakes CEO’s Make with Ransomware
November 30th, 2021 by Roger Wentowski
With the ransomware epidemic still in full swing, and with no clear end in sight, many CEOs are still scratching their heads with decisions on how to secure their network. They pivot from strategy to strategy, try to take on the burden solely in house, or even worse decide to throw up their hands and do nothing. In honor of the game this weekend, I think it is prudent to quote Nick Saban here:
“There are three things we can’t have. We can’t have complacency, we can’t have selfishness, and we can’t lose our accountability.”
This powerful message is how you need to be addressing your IT and network security every day. There is no silver bullet, there is no quick fix, and there are no second chances when your business is under attack, and you have no plan in place to handle ransomware. For instance, the US National Cyber Security Alliance data shows that 60% of all small companies who suffer a cyber-attack, are out of business within six months. Do not let your company become a statistic. Every day organizations need to follow a process and do everything in their power to make sure your company won’t be next. Here are the top 5 mistakes CEO’s make, and what you should be doing instead.
-
Not Using Multi-Factor Authentication
If I could shout this from the mountain tops, and ensure every organization heard this I would. Multi-factor Authentication is one of the best tools not being utilized by businesses, and I do not understand why. It can help secure your network in more ways than I can count and has saved businesses their livelihoods countless times. If you were to have a password breach or even a brute force attack where a hacker was able to determine passwords without needing any assistance from your employees, it can still ensure your network is secure. With a simple app notification, you and your employees can access all your important information and ensure no hacker could gain access to this with a simple password. This needs to be the first thing on your agenda when going into the new year.
-
Backups, Backups, Backups
There is no typo in that bullet, three backups for your data are necessary today and if you aren’t sure what your company is doing currently, that is a major red flag. You should have three copies of your data, one in production and two backup copies. You should also be using two different media types to save these backups, and one copy off-site for disaster recovery. This strategy reduces the impact of a single point of failure and gives you options instead of one path. Verification needs to be on the top of your list as well. Backup files can be corrupted, or damaged, and your fail-safe policy quickly becomes a failure safety issue because no one bother to check and see.
-
Security Awareness Training
Your employees, nor yourself are perfect. Even with my knowledge in this field, I still must have constant training on the new pitfalls plaguing the world. Your company is no different. You would never ask them to become experts in the field, but they do need to know the dangers of everyday office life and how to spot phishing attacks. Phishing attacks can come from emails, phone calls or any other form of communication. The Hackers will pose as a respected and esteemed individual either inside your company or a familiar vendor who you know and trust. They will ask for passwords, I have seen some horror stories where the hackers will mask themselves as the security team doing audits, and usernames. In a matter of moments your employee just handed the keys to the castle, and thought they were doing right by the company. These events are not rare. Without the knowledge, how can you expect your team to avoid these catastrophes?
-
Not patching or updating Software
Every day in IT I expect to see a news article about a zero-day event, or some new vulnerability discovered with an operating system. These things happen, hackers and criminals are always going to be one step ahead of the law and looking for new ways to exploit the system. That is why it is so important that you have the latest and most secure versions of software running on your network. So many companies are using software that is no longer being supported and leaving themselves at risk. This isn’t a case of you just leaving your door unlocked, this is like leaving the door and windows unlocked, breaking down one of your walls into a human sized hole, and putting a huge sign outside saying “Come Steal My Information!” Do not make this mistake.
-
Leaving this to your IT Guy
No one person can take on all these challenges, and expect great results. But so many organizations have one person trying to oversee all of this and to put it simply, it can not be done. Your IT person needs support, and a team behind them ensuring every opportunity is being ceased in securing your network. Even with constant management tools, there is not enough time in the day for one individual to mitigate these potential disasters. Some organizations put so little thought into these protections that they do not even have a full-time person handling these challenges. This is a recipe for disaster at worst, and at best ensuring that you will not have the time or manpower to handle these threats. You should be hiring a team to either back up your employee or recruiting one to handle this up-hill battle.
There are many more action items for your security, but they take a plan and concentrated effort. If you are looking at taking these measures seriously, please contact BTS Technologies. We can give you the road map to success, and give you and your team the knowledge to handles this pitfalls. Do not stumble into 2022 not knowing how to get these actions in place. Contact us today, and let the professionals show you how you can get some Ransomware Relief.
Posted in: Cyber Security
